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[57] ABSTRACT 

Methods and apparatuses are disclosed for providing a 
system for automatically tracking use of a software and also 
for determining whether the software is validly licensed and 
enabling or disabling the software accordingly. Exemplary 
systems involve attaching a licensing system module to a 
software application. Records of valid licenses are stored in 
the database maintained by the software provider. The 
licensing system module transparently forms a license 
record inquiry message. The message is transparently sent to 
the database over a public network, such as the Internet, to 
determine whether a valid license record exists in the 
database for the software application. The database forms 
and returns an appropriate response message that is inter- 
preted by the licensing system module. The software appli- 
cation can then be appropriately enabled or disabled by the 
licensing system module. The receipt of the license record 
inquiry can be recorded in the database to monitor software 
use. 
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AUTOMATED SYSTEM FOR MANAGEMENT prompt may be a security system asking the user to enter the 

OF LICENSED SOFTWARE serial number and/or a codeword to enable the software. The 

UAmrrprnrMTi codeword may be a word appearing at prompt-designated 

BACKUKUUWU locations in a user mamiaL This security scheme operates on 

The present invention relates to software licensing, and in 5 ^ premise that a pirate will not ordinarily have a copy of 

particular to a system for automated monitoring and man- the user manual After the software is up and running, it may 

agemcnt of licensed software. periodically prompt the user to re-enable the software by 

It is well known that software is not purchased, but only entering a different codeword appearing at varying locations 

licensed for use. Software, unlike manufactured products. in the user manual. This scheme is subverted by copying the 

can be freely copied and distributed. Hence, software pro- lQ manual and registration number. 

viders are largely limited in their choice of control means. An on screen registration/enablemcnt process may 

Unfortunately, a software license is merely a legal involve writing the registration number to disk. This is only 

mechanism, and can not literally prevent illicit copying of possible with floppy disks as CD-ROMS are. at present, a 

proprietary software. A typical software license grants a largely read-only medium. If the disk is used again to load 

permit to use the licensed software application on a partial- 15 the software application, the software may prompt the user 

lar machine and. perhaps, the generation of backup copies with a warning that the software has already been loaded 

for personal use. A software license provides a software (e.g.. "IS LOADING OF THIS SOFTWARE PERMITTED? 

provider with a legal instrument against impermissible use RECORDS INDICATE THAT THIS SOFTWARE HAS 

of licensed software. However there remains no effective ALREADY BEEN LOADED. YOU MAY BE IN VIOLA- 

mechanism for preventing or monitoring illicit copying or M TION OF YOUR LICENSE AGREEMENT"). However, 

illegal proliferation in the first place. Hence, software pro- reloading of software may be normal in the event of hard 

viders must rely on the public to not pirate software, and rely disk failure. Consequently, software providers cannot feasi- 

on their licensees to abstain from furnishing copies of bly prevent the software application from being loaded more 

software to friends or others. A significant amount of soft- than once. Furthermore, if first run registration enablement 

ware piracy occurs in commercial settings. Commercial 25 is required, copiers can simply copy the software repeatedly 

licensees are usually vigilant about license compliance. prior to registering the original copy. 

However, even the most attentive MIS manager Another security technique is to enable a software appli- 

(Management Information Systems) cannot prevent employ- cation for a defined period of time. This usually involves 

ees from copying software off of company machines for incorporating a date/time checking mechanism into the 

their personal use. As a result of illicit copying, software ^ software application. Such a mechanism may be used where 

providers must adjust their prices, forcing legitimate buyers a software provider wants to supply, for example, a 30-day 

to pay higher prices to offset revenue losses. demonstration version of a software application for user 

Although the estimates for losses due to piracy are evaluation. If the user decides to purchase a license follow- 

estimated in the billions of U.S. dollars, such estimates ing the evaluation period, the user may contact the software 

remain mere projections. This is because there way of 33 provider and supply payment information. Following 

determining how widely software is copied. More approval (e.g., credit card) or receipt (i.e.. check) of the 

specifically, there is no mechanism by which to monitor the payment, the software provider may supply the user with a 

proliferation and use of software, copied or otherwise. regular copy of the software, or provide instructions or a 

Statistics regarding the use of legitimately purchased soft- codeword to disarm or reset the date/time checking mecha- 

ware also remains unknown to software providers and w nism. 

vendors. Despite sales data, purchased software may be in operation, a date/time checking mechanism records a 
found ineffective by users and sit, unused, on hard drives. date/time stamp when a software application is first brought 
Consequently, software providers may not have a firm U p. Alternatively, or in addition, the date/time mechanism 
understanding of how their products are being received by may start a timer when the application is brought up. The 
users. Whether used or not. most proprietary software con- 45 date/time stamp is compared with the system date/time 
tains some security mechanism and/or registration mecha- information mai ntained by the computer to determine if the 
nism, software application is to be disabled. To subvert such a 
There are a number of schemes designed to prevent system, users have been known to reset the system date and 
software from being copied, or to make use of copied system time to prevent expiration. In response, some soft- 
software unduly burdensome. These schemes, however, are jo ware providers have resorted to writing complex code 
largely ineffective, complex, and add to development costs. schemes to disable the software in the event that the system 
Furthermore, for every protection scheme devised by date is tampered with. Such a security mechanism is often 
programmers, there are hackers who will diligently go about used to control licensed software used in a commercial 
underlining them. A first line of defense is to encourage setting. 

legitimate users to register their licensed software. 35 Software sold for use in a commercial or institutional 

Registration of software provides a software provider setting is frequently licensed for a predefined period of time, 

with a record of a valid license. Registration typically When such software is used on desktop computers, such 

involves filling out and mailing a registration card that is computers are typically networked. The networked comput- 

provided in an off-the-shelf software package. A user may be ers are usually connected to a file server, which file server 

asked to write in the serial number of the software set along 60 may itself be tended by a computer management system mat 

with other pertinent information. The defense mechanism in monitors and controls various file server groups. The file 

registration, albeit weak, is that a software provider will only server computers act as a central location at which the 

render assistance and support to properly registered users. desktop computers in the file server group can access files 

That is. a software provider will refuse to grant assistance to and applications. The file server also may facilitate the 

a user unless the user has properly registered their software. 65 control of licensed software on the desktop computers. This 

The registration process also may involve responding to occurs in the situation where the commercial software 

prompts generated by the software when it is first run. The license is a so-called "floating license." 
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Commercial software licenses for operating a plurality of SUMMARY 

desktop computers normally are of two varieties: "fixed" or ^ nt ^ventioD addresses the foregoing problems 

"floating" A fixed license permits a software application to fey providing a system for automatically determining 

run on certain designated computers (e.g.. computer num- whether a software application is licensed. In accordance 

bers one through five, in a ten computer file server group, are 5 with the invention, a generic licensing module, or "client 

designated for the licensed software application). A floating modulc> - is provided that a software provider can attach to 

license permits a certain number of applications to run on a softwarc application. A software application having a 

any number of computers at a given time. So an appUcation cUcnt modulc attacncd (hereto is hereinafter referred to as a 

operating under a floating license may be allowed to sunul- application » ^ accordance with preferred embodi- 

taueously run on do more than tco of twenty computers in a 10 mcnts of mc ^^0^ a application loaded on a 

network at any given rime. Licensing management softwarc computcr having access to a public network, such as the 

is maintained in the network file server to monitor the Interaet automatically reports to a computer maintained by 

number of floating licenses being used. a software provider. The client module is a program. 

Commercial software is prone to installation interruptions application, or like composition of code that is preferably 

as it almost always requires involved enablement proce- 15 ncs ted in a compiled version of a software application (i.e.. 

dures. In accordance with regular industry practices, com- t0 f orm a client application). However, the client module 

mercUl software applications are ordinarily enabled follow- can. i n alternative embodiments of the invention, be attached 

ing their installation by contacting the software provider for to a previously compiled software application. Whether it is 

enablement instructions and/or enabling codes. This process referring to a program nested in. or attached to a software 

is rarely instantaneous. The software provider usually con- 20 application, the term client module is used throughout the 

firms that the software license is proper and paid for before present disclosure. 

faxing, e-mailing. or even using regular mail, to provide a A module utilizes the public network as a means to 
set of enabling instructions, enabling codes, or disk(s) with transparently send license inquiry request messages to. and 
which to bring the application up. Consequently, the soft- reccivc license inquiry response messages from, a license 
ware remains disabled until additional instructions are sup- 25 strvcr maintained by a software provider. The license server 
plied and followed, which are usually sent only after an has a database on which license information, or records, are 
enablement request is approved. stored. The license server also can record information con- 
Management of floating license s on networked computers tained in license inquiry request messages . and thereby audit 
involves two control software components: an application ^ usc 0 f client applications. The license record can identify a 
portion, and an authenticator portion. The application por- license in accordance with a hardware address, or hardware 
tion is nested within an application running on a desktop identifier of the computer, such as an IP address, 
computer. The authentication portion is a code module Operation of an exemplary system incorporating the 
contained in the file server that monitors and authorizes invention involves the client module in a client application 
applications running on the desktop computers. When a user ^ generating inquiries mat are sent to the license server in the 
attempts to open the application software, the application context of an Internet communication session. The license 
portion code communicates with the authenticator code scrvcr responds to the inquiry by investigating its database 
module to check to see if a floating license is available. If the tQ fajamfoe whether a corresponding license record is 
maximum number of floating licenses are already being present The license server then forms an appropriate 
used, the software application is not allowed to open. ^ rcsponse message that is sent back to the client module. 
Licensing control software also may be used to monitor if it is determined that the client application is not licensed 
defined term licenses to disable software in networked mc ^tdme ^ ^ contaio a corresponding license 
machines after license expiration. record), the rcsponse sent by the licensing server does not 
If a commercial license expires, the software may be ali ow th e client application to be enabled. If the client 
disabled, midstream, preventing users from completing 45 application is licensed (i.e.. the database contains a record of 
projects. Re-enablement requires contacting the software a uce nse). the response can allow the client application to be 
provider to purchase an additional license or extension. This enabled, or re-enabled. In sum, the client application must be 
may require re-execution of enablement procedures with enabled for it to properly operate. Communication between 
new instructions or codes. Hence, it may take some time me computer and the licensing server is generally transpar- 
before the software application is up and running again, x cnt lo a uscr That is, the client module automatically forms 
which situation can seriously inconvenience users. a connection with the license server, sends a message, and 
The common shortcoming shared by all licensed receives a response, all without user input or notification, 
software, is mat it requires some form of manual interven- Alternatively, an exemplary embooUment of the invention 
tion for registration, enablement, and/or re-enablement can be used to monitor use of client applications. Operation 
Manual intervention is cumbersome and can render software 55 of an exemplary system incorporating the invention for 
useless until it is enabled or re -enabled. The paramount issue monitoring client application use involves using the client 
is. however, that software providers have no mechanism for module in the client application to generate messages that 
monitoring and controlling the actual use. whether legiti- are sent to the licensing server. Such messages can be sent 
mate or illicit, of their product Proprietary software is over any public network to which a user computer, upon 
misappropriated on a global scale causing massive losses to ^ which the client application is loaded, is connected. For 
software providers, which losses are Inevitably passed on to example, a message can be sent to the license server in the 
legitimate licensees. context of an Internet communication session. The license 
What is needed is a licensing system that allows software server tracks, or audits, the use of client applications by 
use to be monitored in an automated fashion, without user recording pertinent information contained in a message 
input. Moreover, a software licensing system is needed that 65 generated by a client module. A database can be used to store 
permits a software provider to transparently control the use the information. A software provider or vendor can access 
of licensed software. recorded information stored in the database to generate 
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diem application use reports. Such an auditing system can generic. That is, client modules in the desloop computers 

be a partT or a function of. a system for enabling, validating and client components in each of the network level coro- 

and/or disabling licensed software (Le„ client applications). puters arc substantially similar. Agent components in the 

When configured as such, audit data can be derived from licensing modules and the agent module in the license server 

license inquiry request messages. Furthermore, the license 5 also are substantially similar. The cache co ^ n <; n * 0 £™ 

record database in the license server can be used to store me licensing modules are used to store information that defines 

collected audit data. Alternatively, a separate database can the structure of license records. Any client can conunumcate 

be usei with any agent and vice versa. This arrangement facilitates 

In a personal computer setting, an exemplary process in network configuration flexibility, 

accordance with the invention may involve utilizing a 10 Operation of an exemplary system incorporating the 

modem, or like device, in the computer. The client module invention in the network environment involves a client 

generates and sends a license validity inquiry request mes- module in a client application forming and communicating 

sage to a regional or central license server maintained by the a license validity inquiry request message upstream. An 

software provider. The license server contains an agent a g Cnt component in a nearest upstream licensing module 

module for communicating with the client module and a receives the request The licensing module checks its cache 

database containing license records. The database in the to determine if a license record exists corresponding to the 

license server is checked to see if a valid license record re q UCS t The licensing module can then respond with an 

exists for the requesting client application and computer. If appropriate message. If the license information is not found 

so. a message is transmitted back that allows enablement or a{ ^ lcvcl mc licensing module can forward the request 

re-enablement of the cUent application. The Licensing server up5trcara t0 determine if the license is of record in an 

also can record information corresponding to the request in 20 ^ This may continue up to the license server, 

the database containing the license records, or in a different ^ tf & ^ ^ ^ ^ information is 

database. ,. . . ^ t copied into the cache of the licensing module nearest to the 

If ancensere^ordisnotfoun^ J a originating the request for future reference. In 

Xare7?he rn^u may direct a user to a Web homepage invention, the licensing modules r^nomc^y commumcate 

where a license can bi purchased, automatically open a upstream to fetch license ^^ on ^^ 0 ^™^^ 

session to such a homepage, or provide a telephone number maintain currency of their cached license records. By doing 

of a sales representative or automated operator. Optionally, so. a validity request can be addressed by a nearest upstream 

the user can initiate a demonstration mode of operation to 30 agent rnirthermore. periodic checking can permit manage- 

evaluate the client application. ment of request message traffic on the license server. 

In a commercial or institutional computer environment In accordance with an exemplary embodiment of the 

(i.e.. networked computers), a licensing system in accor- invention, license information is organized in class and 

dance with exemplary embodiments of the invention can sub-class designations. License information maintained on 

involve a hierarchical arrangement of licensing modules 35 the license server covers blocks of underlying computers 

arranged between client application(s) and a License server. rather than the individual desktop computers themselves. 

At the desktop computer level, a client module monitors This provides for efficient conununication of license infor- 

one. or more, software applications on the desktop com- mation between the license server, licensing modules, and 

puter. Computers, such as file servers, residing at each level desktop computers. 

of the network, between the desktop computers and the 40 Whether used in a personal or commercial computing 

license server, contain licensing modules. Licensing mod- environment, systems incorporating the present invention 

ules include an agent component for communicating with a allow client software to be enabled or re-enabled at any time 

downstream client, a cache component for interim storage of without significant delay. Software applications operating in 

license information, and a client component for communi- accordance with the present invention can be installed on 

eating with an upstream agent. 45 any computer in the world having access to a public 

Operation in an exemplary process involves the client network, such as the Internet If so desired, a client appli- 

module in a desktop computer communicating upstream cation can be configured to not operate unless it receives 

with an agent component in a licensing module. A client acknowledgment of the presence of a valid license record, 

component in that Licensing module communicates upstream As the use of computers expands globally, a licensing 

with an agent component in a next Licensing module, whose 30 system in accordance with the present invention can ensure 

client component in turn, communicates with a next that a client application operating on any computer in the 

upstream agent and so on. This arrangement is continued world is properly licensed. 

upward to converge on a license server which contains an In addition, in a personal or network computing 

agent module. However, the license server is maintained by environment systems incorporating the present invention 

the software provider. Consequently, the uppermost licens- 55 can be used to monitor client application use. Such a system 

ing module in the institutional network communicates with can operate by recording information from license validity 

the license server by initiating a connection over a public inquiry requests messages that arc received at the license 

network, such as the Internet License enablement inforrna- server. Client application use. and corresponding details, can 

tion is supplied to the upper-most licensing module by the be recorded when the client module sends license inquiry 

license server, which information is propagated back down- « request messages back to the license server. Alternatively, 

stream via the licensing modules. The cache components in the system can be used in an audit-only mode whereby the 

the licensing modules can be used to store license records so client applications report relevant information back to the 

that license inquiries can be addressed without having to license server, but do not require an enabling response 

forward the validation inquiry request messages to the message to continue operating. As the use of computers 

license server. 65 expands globally, a licensing system in accordance with the 

In a preferred enibodiment of the invention, as applied in present invention can assist in tracking client application use 

a network environment the client and agent elements are and proliferation. 
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Preferred embodiments of the present invention take In accordance with an exemplary embodiment of the 

advantage of the fact that an increasing number of invention, the client module 108 automatically initiates a 

computers, and computer networks, have direct access to the process to determine whether the software application 102 is 

Internet Systems in accordance with the present invention validly licensed. This can happen each time the client 

can utili/x the Internet as the medium over which license 5 application 103 is brought up. The licensing module 108 

validity inquiry request inquiries and their corresponding operates transparently and utilizes the modem 106 to form a 

responses are transmitted. connection with the licensing server 110. Once the connec- 

5 . ... . . .. „ e tion is made, the client module 108 sends a license validity 

In accordance with exemplary embodiments of the : M „:„, »„„^ ,„ n.. i;„ ^« ua n.. . n «i» 

., ... . . inquiry request message to the license server HQ. lne agent 

invention, if a client application does not receive enablement modulc 114 rcceives me rcqucst and querics the database 

information, the client application is not enabled, or is io 112 l0 determine whether a license record exists that corre- 

disabled. Hence, any software application that contains a sp0Ilds to ^ client application 103 and computer 100. The 

client module accordance with the invention, can be auto- license server 110 also can record relevant information 

matically enabled, or disabled. Furthermore, use of client contained in the license validity inquiry request message to 

module equipped applications can be tracked. Such a system audit the use of client application, 

allows software to be freely distributed while ensuring that 13 Pursuant to the query, a response message is generated 

a license is taken for its use. or at the very least, ensuring that and returned back to the client module 108 by the agent 

the use of the software can be tracked. module 114. If the query finds a valid license record, the 

^^^ttot*^, mm A „_ r/ ,„ response message indicates the license record's existence 

BRIEF DESCRIPTION OF THE DRAWINGS and location in me database 112. The client module 108 can 

The foregoing, and other objects, features and advantages 20 record the license record location for future reference. If a 

of the present invention will be more readily understood license record is not located in the database 112. an appro- 

upon reading the following detailed description in conjunc- priate response message is generated and returned. The 

tion with the drawings in which : presence of a record permits the client module 108 to enable. 

FIG. 1 depicts a desktop computer in accordance with an OT i° aUow contmued operation of (i.e.. re^nabk). the 

, Y ... , K . « software application 102. 

exemplary embodiment of the invention; a „_ _ . ,. t , . ^ 

"1 . „ .. „ , If the query of the database 112 returns an indication that 

FIG. 2 depicts a flow diagram for operating the arrange- a liccns ^ doc 4 not cxist< me chcol module 108 can pursue 

ment of FIG. 1 in accordance with an exemplary process any ODC of courscs of a^on. The first possible course 

incorporating the present invention; of is to not ^ software application 102. or to 

FIG. 3 depicts a regional server scenario in accordance ^ it if it is presently operating. The client module 108 also may 

with an exemplary embodiment of the invention; supply an appropriate message to the user indicating that a 

FIG. 4 depicts a computer network arrangement in accor- license does not exist for the client application, 

dance with an exemplary erribc<ument of the invention; Alternatively, the client module 108 can supply a message 

bkh c A-~;r+ r „ «„„„M,t;«„ «f «h*. instructing the user as to where and how a license can be 

™V a symbol representation of the computer pu[cha$ J This may involve directing the user to telephone 

network; ot tHj. 4, 35 thc software provider's sales department, or the message can 

FIG. 6 depicts an additional exemplary embodiment of direct the user to an appropriate Web site homepage on a 

the invention wherein multiple software application licenses Web server 118 where the software can be purchased, 

are managed; and jf a license « purchased via a homepage on the Web 

FIG. 7 depicts an additional exemplary embodiment of server 118, the Web server 118 can automatically update the 

the invention in a portable computer. 40 database 112 with the information supplied by the user or the 

nPTATr fd nF^rRTFTTniM computer 100 (e.g.. IP address supplied in the context of a 

DETAILED DESCRIPTION Wcfa scssion) creating a valid license record. A 

FIG. 1 depicts a personal computer system in accordance subsequent client module license inquiry will allow the 

with an exemplary embodiment of the invention. The system client application 103 to be enabled. If the license purchase 

includes a personal computer 100 that has a client applies- 45 transaction fails for any reason (e.g.. a credit card supplied 

tion 103 residing on a hard drive 104. The client application is not approved), the license record can be removed from the 

103 is comprised of a software application 102 and a client database 112 by the software provider. This has the effect of 

module 108. The computer 100 includes a modem 106. The disabling the client application in a next license validity 

client module 108 operates to enable or disable the software inquiry. The practical effect of such a system is to be able to 

application 102 pursuant to a response from a license server 50 provide software that is freely distributable. Any user in 

110 in the context of license validity inquiries. The license possession of the client application 103 will not be able to 

server 110 contains a database 112 having license records use it until a license is procured and a license record is 

recorded thereon, and an agent module 114 that communi- established. 

cates with the client module 108. The licensing server 110 is An exemplary process of operating the arrangement 

typically maintained by the software provider who devel- 55 depicted in FIG. 1 is shown in the flowchart of FIG. 2. The 

oped the software application 102. Alternatively, the license frequency and tuning for performing a license validation 

server 110 can be maintained by a contracted service pro- check can be selected according to the discretion of thc 

vider. In a preferred embodiment, the client module 108 and software application designer. In the exemplary process 

the agent module 114 communicate over the Internet 116. depicted, the client module performs an initial check each 

However, the client and agent can communicate over any 60 time the software application is brought up (step 200). The 

public network. As used herein, the term public network license validity checking process is initiated (step 202) by 

encompasses not only networks that are freely available to utilizing a modem to form an Internet connection between 

the public, generally, but also any private network which can the computer 100 and a licensing server (step 204). This may 

be subscribed to. The depiction of the client module 108 is be done by having the client module instruct the modem to 

merely for descriptive and illustrative purposes. The client 65 dial a 1-800 number maintained by the software provider 

module 108 can be code nested within the software appli- that accesses a local Internet gateway (if used in the United 

cation 102. States). 
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Once the connection is confirmed (step 206), the client licensing server 110. Furthermore, in preferred embodi- 

module 103 forms a license validity inquiry request message ments of the invention, license ID information is commu- 

(step 208). The request message may contain information nicated between the client module 108 and the agent module 

such as the application name, the application version 114 in an encrypted form, as explained in greater detail 

number, a date/time stamp, the name of a license server 110 5 below. 

(if several license servers are maintained by the software In the event that no license is found, several response 

provider), and a hardware identifier, such as the IP address options are available which vary according to the require- 

of the computer 100. After formation, the request message is ments of. and discretion of a designer of the software 

sent to the license server 110 (step 210) over a public application 102. As previously mentioned, a response can be 

network*. The agent module 114 in the license server 110 1Q to provide the user with a phone number through which a 

forms a query (step 212) to determine whether a correspond- software license can be purchased, or to direct the computer 

ing license record is stored in the database 112 (step 214). user to a Web homepage maintained by the software pro- 

The agent module 114 also can record audit information vider. Alternatively, the client module 108 can directly 

from the request message (step 213). If the query locates a initiate a session with the Web server 118 that supports a 

record of a license for the request, a response message is 13 homepage through which the user can purchase a license. A 

returned having a license ID field comprising a pointer to the first screen on such a homepage can prompt the user to 

location of the license record in the database 112 (step 218). indicate whether the purchase of a full license would be 

If the query does not locate a record of a license far the desirable, or whether a demonstration period is preferable to 

request, a response message is returned having a null indi- evaluate the application. If neither of these options is 

cation in the license ID field (step 216). The response selected the session is terminated. If the user opts to take a 

message is returned to the client module 108 (step 220) after license, the user can be prompted with questions asking 

which the Internet connection is closed (step 222). which features in the software application are to be enabled 

The client module 108 investigates the response message (the price of the license can be adjusted accordingly). The 

to determine whether the license ID field contains a license session can conclude with the presentation of a payment 

ID (step 224). If the license ID field is null, the client module 23 screen inviting the user to enter credit card information, or 

108 fails to enable the software application, or disables it to call a sales representative in order to supply payment 

(step 226). The client module 108 may then prompt the user information. 

with any variety of messages (step 227). For example, the If credit card information is supplied in the homepage 
user may be prompted to assess whether a demonstration session, it can be gathered using the system disclosed in the 
period of operation would be acceptable. If so, this infor- x U.S. Pat. application Ser. No. (BDSM Attorney Docket No. 
mation can be recorded in the client module 108 and be 025553-014) entitled: "System for Securely Storing Infor- 
passed upstream in the context of a next validity inquiry mation Received Over a Public Network," by Coley and 
request message. The server 110 will record this information Wesinger. filed on Feb. 6. 1996. and incorporated herein by 
in the database 112. Alternatively, the user can be prompted reference in its entirety. Once the credit card information is 
to contact a sales representative or automated operator to 35 entered, a response message can be sent to the client module 
purchase a license, or directed to a Web homepage where a 108 temporarily enabling the software application 102. The 
license for the software application can be purchased. In the database 112 can then automatically updated with a license 
event of a license purchase, the database 112 can be auto- record If a credit card turns out to be invalid, the license 
matically updated to record the license. Thereafter, a validity server database 112 can be updated accordingly by removing 
check will find a license record and allow the client appli- ^ the license record and thereby disabling the software pur- 
cation 103 to be enabled, suant to a next inquiry. 

If the license ID field contains a license ID, this infor- The exemplary inventive system described above allows 

mation is recorded by the client module 103 for future use client applications (i.e., software application having client 

(step 228). The client module 108 then enables the software modules) to be freely distributed while reasonably ensuring 

application 102 (step 230). The client module may. at this 45 that they are. or will be, licensed if used. Any software 

point, start a timer (step 232) for periodic checking of application having a licensing system client module attached 

license validity. Such a validity check is automatically will not operate unless and until the license system client 

initiated when the timer expires (step 234). The client module receives authority to enable the software applica- 

module also can be configured to initiate a validity check tion. Such a system allows global proliferation of the 

whenever an interrupt is present indicating a certain activity x software, even in the form of a copy. However, such 

(step 236), such as printing or saving. widespread use of client applications may result in the 

Periodic checks performed at timer expiration, or upon license server 110 being inundated with validity request 

appropriate interrupt, use the license ID. which is a pointer, message traffic. A dedicated license server can be set up to 

to directly access the database record corresponding to the handle all of the license inquiry traffic for a particular 

license. If the license record is found, a response message 55 software application. Alternatively, some form of traffic 

indicates so, the software remains enabled, and the timer is management can be invoked. 

reset. If the record is found empty* ic n^y indicate that the Traffic management can take many forms. It can involve 
license has expired. The response message will indicate this, establishing regional license servers according to a geo- 
and the software can be disabled. Alternatively, the user may graphic arrangement that permits efficient response to any 
be requested to renew the license within a certain period of 60 licensing inquiry request messages. A client application 
time before the software application 102 is disabled. initialization process can be used wherein a user enters the 
The date/time stamp information passed upstream in the location (e.g.. zip code, city, and country). This information 
license validity inquiry request message can be used to can be used by the client module to select an appropriate 
detect whether the system date/time information on the autodial telephone number whereby a nearest software pro- 
computer 100 has been tampered with. This is done by 65 vider license server can be accessed, 
comparing the date/time information passed in the request Regional license servers can receive license information 
message with the date/time information maintained on the propagated from a central licensing server. Client modules 
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can contact their regional license server to assess whether computers 500 arc tended by group file servers 502 on 
license records exist for their corresponding client applica- networks 504. Each of the group file server computers 502. 
tions. Because use of the Internet is contemplated as a means minicomputers 506. 508 and 510. and a main computer 512 
for communicating licensing inquiry and response contain a licensing module. A licensing module comprises 
messages, the regional license server designated for a par- 5 an agent component 51S. a cache memory component 520. 
ticular client module can be assigned in accordance with and a client component 522. The license server 526 main- 
efficient network, and/or geographic, considerations. This tained by the software provider contains an agent module 
can facilitate provision of a swift response to license validity 524. For any of the licensing modules in the intermediate 
inquiry request messages. computers between the desktop computer 500 and the 
An arrangement of regional licensing servers in accor- 10 license server 526. the licensing module's client component 
dance with an exemplary embodiment of the invention is 522 communicates with the agent component 518 of an 
depicted in FIG. 3. Regional licensing servers 302 are upstream licensing module, or with the agent module 524 of 
comprised of an agent component 306. a database compo- the license server. The licensing module's agent component 
Dent 308, and a client component 310. A client module in a 518 communicates with a downstream licensing module's 
desktop machine 300 communicates with an agent compo- 1S client component 522. or a client module 516 in a desktop 
nent 306 in an assigned regional license server 302 over a computer 500. Communication between the upper-most 
public access network, such as the Internet 316. The client licensing module in the internal network (i.e.. licensing 
component 310 in the regional license servers 302 coramu- module 512) and the agent module 524 in the license server 
nicates with an agent module 314 in a central license server 526. is conducted over a public network, such as the Internet 
304. License information can be systematically directed ^ 528. 

from the central license server 316 to appropriate regional An audit function can be implemented in a networked 

license servers 302 in accordance with information supplied embodiment of the present invention in a number of ways, 

when the license is procured. Alternatively, the regional For example, the upper-most licensing module 512 can 

license servers 302 can systematically request license record maintain software, such as an audit tool 530. that tracks use 

information with which to update their database components M of client applications in underlying computers in the net- 

308. work. An audit report can be periodically generated and sent 

A variation on the regional license servers 302 can be used upstream to the license server 526. The license server 526 

in a licensing management system incorporating the inven- can record and interpret the audit report to monitor use of 

tion for application in a commercial setting. That is. wherein client application software. Alternatively, license validity 

computers are networked in a hierarchical arrangement 30 inquiry request message traffic from individual client appli- 

within a company or institution. cations can be recorded in the license server 526. Audit 

FIG. 4 depicts a commercial network system in accor- information can be used to generate billing invoices, 
dance with an exemplary ernbodimcnt of the invention. An additional aspect of the aforementioned audit system 
Desktop machines 400 are organized in file server groups. permits an MIS manager at a corporation or institution to 
The file server groups arc administered by file server com- 35 monitor the use of client applications for internal audit 
puters 402 through networks 404. The file server groups can, purposes. Such a system operates by monitoring license 
for example, serve various design teams in a research and inquiry traffic passing through a network to and from a 
development facility of a corporation. The file servers 402 in license server. In an exemplary embodimenL such a system 
the R&D facility are. in turn, tended by a minicomputer 406. involves maintaining internal auditing software (eg., a tool 
The minicomputer 406. and minicomputers 408 and 410 at 40 or utility program) in an upper-most level licensing module 
other facilities (e.g.. manufacturing and sales) are networked in an internal network. A report can be generated by the 
under a main computer 412 located, e.g., at the headquarters internal auditing software tool Data in the report can be 
of the corporation. In accordance with an embodiment of the derived from information collected at the upper-most licens- 
invention. each desktop computer 400 contains a client ing module. The MIS manager can use the internal audit 
module for monitoring one or more client applications. The 45 reports to manage the licensing arrangements of the client 
client modules in the desktop computers 400 communicate applications on the network. For example, if a network of 
upstream with licensing modules contained respective file twenty desktop computers is frequently using a maximum 
server computers 402. The licensing modules in the file number of floating licenses for a particular client 
server computers 402 communicate with a licensing module application, the MIS manager can ascertain this by review- 
in the minicomputer 406. which licensing module, in turn. 50 i Q £ internal audit records, and take appropriate action, 
communicates with a licensing module in the main computer In accordance with preferred embodiments of the in ven- 
412 at the corporation headquarters. The licensing module in tion in a network setting, each of the agent-type components, 
the main computer 412 uses a public network, such as the and each of the client-type components are generic. That is. 
Internet 414, to communicate with a license server 416 any given agent component 518. and the agent module 524 
maintained by a software provider who developed the soft- 53 in the license server 526, is substantially similar. The same 
ware application^ ) on the desktop computers 400. Main is true of the client components 522 and the client modules 
computers 413 and 415 at other corporations or institutions in the desktop computers 500. The parameters maintained 
also can communicate with the license server 416 to com- by. and passed between various license system elements 
municate license inquiry and response messages. defines the licensing system structure. 

A representation of the network scenario depicted in FIG. 6G In accordance with a preferred embodiment of the 

4. illustrating licensing system components in accordance invention, the license system operates by distributing liccns- 

with an exemplary cnibodimcnt of the invention, is shown in ing information to the cache components 520 in the Ucens- 

FIG- 5. Various network computers are depicted in symbolic ing modules in response to inquiry requests. The information 

form to assist in illustrating the components involved in the contained in a particular cache component 520 is specific to 

exemplary embodiment of the invention. Desktop computers 63 subordinate software applications 514, or licensing modules. 

500 contain software applications 514 having licensing In accordance with a preferred embodiment, license infor- 

system client modules 516 attached thereto. The desktop mation is organized by class designations. Individual 
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licenses for client applications on desktop machines 500 can after its use in the event that there is a per-use cost associated 
be covered by sub-class licenses maintained in the cache with the software. The following exemplary process descnp- 
components 520 in the file server computers 502. The tions are provided for a case wherein a client application is 
sub-class licenses on the file server machines 502 can. in validating itself directly, or indirectly (i.e., through one or 
turn, fall under a class license maintained in the cache $ more licensing modules) over the Internet, 
component 520 of the minicomputer 506. The class license Each of the procedures involves initially forming a con- 
maintained on the minicomputer's licensing module can be nection with a corresponding upstream agent The agent can 
designated under a block license maintained in a cache be the agent component of a licensing module in an 
component 520 of the main computer 512. The client upstream network file server, or like machine containing a 
component 522 of the main computer's licensing module 1Q licensing module. Or the upstream agent may be the agent 
communicates with the license server 526 to verify block module in a license server in which case the connection is 
licenses. formed over a public network, such as the Internet. 

Validity inquiry traffic is managed in the exemplary When a client application is first brought up. the Check 

system of FIG. 5 through the use of the aforementioned Out License procedure is initiated. The purpose of the Check 

license class designation structure and through periodic 13 Out License procedure is to enable the software application 

updating of caches in licensing modules. By maintaining to which the client module is attached In addition, the 

license InformatioD in a class/sub-class designation, a single Check Out License procedure can be used by to track the 

license validity inquiry generated by. for example, a file proliferation of a client application. In accordance with an 

server's licensing module, can enable a sub-class license that exemplary process incorporating the invention, the client 

covers the cUent apphcations of all of the desktop computers ^ module's Check Out License call generates a client data 

500 in the file server's group. This is generally more efficient structure containing: the name of the software application, 

than having each desktop computer 500 individually vali- any feature name(s) that is to be enabled, the name of the 

date its own license through the license server 526. upstream agent component/module, a hardware identifier of 

Furthermore, because the sub-class license maintained on the computer containing the client application, a date/time 

the file server itself can fall under a class license maintained M stamp, and a version number of the licensing system. Other 

on the minicomputer, the validity inquiry by the file server fields are created in the client data structure that are filled in 

may be addressed by the minicomputer rather than forward- by the upstream licensing module or license server, 

ing the request further upstream. Prior to, concurrently, or following the formation of the 

In accordance with a preferred embodiment of the client data structure, the client module forms a connection 

invention, licensing modules periodically and systematically M wim toe upstream agent component designated in the client 

initiate license validity inquiries upstream. The responses to data structure. Once the connection is completed, the Check 

the periodic inquiries are recorded into the cache compo- Out License procedure sends a license validity inquiry 

nents of the licensing modules. As a result, client modules request message to the upstream agent, which request mes- 

and client components need ordinarily communicate with a sage contains the contents of the client data structure, 

next upstream agent to be enabled, re-enabled, or to update 35 Alternatively, the entire data structure can be sent. The 

their caches. Periodic self-validation updating of the licens- information from the client data structure is used by the 

ing modules also provides for more uniform request traffic upstream agent to form a query with which to determine the 

on the licensing server 526. This can provide efficiencies in existence, if any, of a license record for the client applica- 

propagating license information from the licensing server in tion. In the case where the upstream agent is the agent 

response to license validity inquiries. Of course, the fore- « module in the license server, the query is performed on the 

going system can operate by passing individual license server database. In the case where the upstream agent is an 

validity request and response messages through the licensing agent component in a licensing module (e.g., in a file server) 

modules. the query is performed on the licensing module's cache 

The result of the hierarchical arrangement is to control the component, 

flow of validity inquiry traffic received and responded to by 43 If the query finds a license record in the database or cache, 

the licensing server. If a license server dedicated to a the location of that record, in the form of a pointer, is 

particular client application is employed, the license server generated, for storage in a license ID field in me client data 

may be able to handle all of the license inquiry traffic structure. The licensing module also generates an authori- 

received. However, if a single license server handles license zation ID for storage in a field of the same name in the client 

validity inquiry requests for a variety of client applications, 50 data structure. If the query does not locate a license record, 

request traffic management may be needed. By arranging the the license ID field and authorization ID field are left blank 

system in a hierarchical fashion and designating the licenses (Le.. nulled). Following the query, a license validity inquiry 

in accordance with class and hierarchical subclass response message is formed by the agent and returned to the 

designations, the licensing server can manage request traffic client. The response message contains the license and autho- 

for a several different client applications. 55 rization IDs. if any, that are to be stored in the client data 

Client components and modules contain a set of license structure, 

management procedures for handling license record infor- The client module investigates the client data structure 

mation. In accordance with an exemplary embodiment of the content returned by the agent component/module to analyze 

invention, three validation procedures are used; Check Out the license and authorization ID information contained 

License, Validate License, and Check In License. Check Out 60 therein, if any. If these fields indicate the presence of a valid 

License is responsible for the initial enablement of a client license, the client module enables the software application, 

application. Validate License is responsible for periodic The license and authorization IDs are stored, in the client 

re-enablement of a client application. Check In License can data structure in the client module for future license vali- 

be used for decrementing a floating license count or indi- dation checks. If the data structure fields for the license and 

eating client application status in a database license record 65 authorization IDs are null, the client application is not 

when use of a client application is completed. Check In enabled and the client data structure is deleted from the 

License also may be used for disabling a license or feature client module. 
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The database or cache quay also may involve a compari- 
son of the date/time stamp contained in the client data 
structure with date/ time information maintained by the 
license server or license module system. This added security 
measure can detect a user's tampering with system time and 
date information on their computer. If the particular software 
application is operating in a demonstration mode for a 
predefined period of time, the date/time stamp passed in the 
client data structure can be used as an initial check of 
whether the demonstration period has expired If there is 
date/time corruption, the client application can be disabled. 

In an audit function, the contents of a message generated 
by the Check Out License procedure can be recorded in the 
license server or upstream licensing module. Relevant infor- 
mation recorded by the license server can include, but is not 
limited to. the hardware identifier of the computer upon 
which the client application is loaded (e.g.. the IP address), 
the application name, feature names, and the application 
version number. Additionally, a client module registration 
number, or like identifying means, can be nested in a client 
application. This registration number also can be passed 
upstream in a request message for audit recordation. A client 
module registration number allows a software provider to 
track the proliferation paths and patterns of copied client 
applications. Consequently, a software provider can deter- 
mine the source of copied software. A software provider can 
force a user to attach a non-connected computer to a network 
access point by supplying a prompt indicating to the user 
that a client application will not enable unless and until it 
checks in. Consequently, if the user chooses to use the client 
application (Le.. attach the computer to a network access 
point), the software provider is informed of the client 
application's use. 

A second process initiated by a client module or a client 
component is the Validate License procedure. This process 
determines whether a previously enabled cHent application 
is still validly licensed. The procedure can be called at any 
time. For instance, the initiation of the Validate License 
procedure can be in response to a timer expiration (Le.. a 
periodic check) or at the appearance of a system interrupt 
(e.g.. printing is selected). The Validate license procedure, 
in accordance with an exemplary process incorporating the 
invention, generates a new client data structure containing: 
the name of the software application, any feature name<s) 
that is to be enabled, the name of the upstream agent 
component/module, the license ID. the authorization ID, a 
date/time stamp, and the version number of the licensing 
system. 

Following completion of the upstream connection, the 
Validate License procedure sends a license validity inquiry 
request message to the upstream agent, which request mes- 
sage contains the new client data structure contents. The 
license ID information in the client data structure is used by 
the upstream agent to directly access the memory location 
where the license record was previously located. If the query 
finds a license record, a new authorization ID is generated by 
the agent and stored in the authorization ID field in the client 
data structure. If a license record no longer exists, the license 
ID field and authorization ID field are nulled. A license 
validity inquiry response message containing the client data 
structure is (hen formed by the agent and returned to the 
client module. 

The client module investigates the data structure contents 
returned in the response message to analyze license and 
authorization ID information. If the authorization ID indi- 
cates the continued presence of a valid license, the client 
module allows the client application to remain enabled. The 
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new authorization ID is stored in the client data structure in 
the client module for future license validation checks or to 
check in the license. If the data structure fields for the license 
and authorization IDs are null, the client application is 

s disabled and the client data structure is deleted. 
Alternatively, the user can be prompted to indicate whether 
a new license would be desirable. If so. any of the proce- 
dures previously described can be used to procure a new 
license (e.g.. access a Web homepage). 

10 The Check In License procedure can be used to return a 
license or disable a feature when a user has completed use 
of the client application or a feature contained therein. The 
procedure, in accordance with an exemplary process incor- 
porating the invention, generates a new client data structure 

15 containing: the name of the software application, any feature 
oame(s) that is to be disabled, the name of the upstream 
agent component/module, the license ID. the authorization 
ID, a date/time stamp, and the version number of the 
licensing system. 

20 Following completion of the upstream connection, the 
Check In License procedure sends a license check in request 
message to the upstream agent, which request message 
contains the new client data structure contents. The license 
ID information in the client data structure is used by the 

25 upstream agent to directly access the memory location 
where the license record was previously located. The exist- 
ing license record is modified to indicate the disablement of 
a feature, or is deleted (if the agent is the agent module in 
the license server). If the agent is an agent component in a 

30 licensing module, the license is designated for deletion. This 
information is passed upstream in a license check in request 
message subsequently sent up stream by the licensing mod- 
ule in its next periodic self-validation. The license and 
authorization ID fields of the client data structure are nulled 

35 and a license check in response message containing the 
client data structure is then formed by the agent and returned 
to the client module. The client module then deletes the 
client data structure. 
It is important to note that, in a network setting incorpo- 

40 rating the aforementioned exemplary processes, the client 
components of the licensing modules also can use the Check 
Out, Check In, and Validate License procedures to update 
licensing records stored in their cache components. Perfor- 
mance of these procedures by the licensing modules is 

45 substantially similar to performance of the procedures by a 
client module. However, the corresponding license ID, 
instead of referring to an individual client application, can 
refer to a class or sub-class license that covers a block of 
underlying client applications, or licensing modules. As 

50 previously mentioned, the Validate License procedure can 
be periodically initiated by the licensing modules to sys- 
tematically update the contents of their caches and to 
provide for request traffic management received at the 
license server. Automatically auditing cached license 

55 records improves the likelihood of a client application, or 
client component finding a current license record in a next 
upstream agent in the context of a Check Out or Validate 
License procedure. 

A licensing system in accordance with the invention, in a 

60 preferred ernbodimenu involves inserting licensing system 
code into a pre- compiled version of a software application 
and then compiling that application into a single executable 
client application. However, in accordance with another 
embodiment of the invention, the licensing system can be 

65 provided as a module that is inserted into to an existing 
software structure on a computer network. Such a system 
can be used to monitor software application use in a com- 
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putcr network that docs not otherwise have a means to audit server to check each of the software applications loaded on 

application use. This type of system can be used by sub-tended computers. A system in accordance with the 

individuals, such as MIS managers, who wish to audit latter embodiment of the invention provides for a generic 

software application use activity in a network. In an exem- solution whereby a single client module is maintained on the 

plary embodiment a client module installed in an individual s desktop computer that handles all of the licensing manage- 

desktop computer "wraps around" software applications ment for the computer's client applications. Hence, the 

selected for monitoring. When the wrapped application computers and corresponding servers need not contain sev- 

used. or seeks a floating license from a file server, a licensing eral licensing system applications each having proprietary 

module installed in the file server computer records the code. 

activity. In a floating license system, the licensing module 10 Because the exemplary embodiments described above 

can be configured to always reserve a license for use by describe use of the Internet as a communications medium, 

certain individual computers (e.g.. the CEO's computer). the hardware identifier maintained in the client data structure 

Audit records generated by the licensing module can be is preferably the IP address of a compter However any 

periodically checked by the MIS manager to see if adjust- other suitable ^^.^^^^f^^S^ 

licenses). an internal serial number that can be used as a hardware 

A variation of the latter system also can be installed in identifier. Alternatively, a hardware module can be provided 

existing network to retrofit a licensing management system. ^ ^ desigIied specifically for a licensing system in accor- 

Client modules wrap previously installed applications witn mc p^^i invention. Such a hardware module 

thereby converting them into client applications. The client 2c can be attached to a parallel port on a computer can be used 

modules on individual computers monitor and/or control as a tag to identify the computer. The client module in the 

client application use. The client modules can report to computer scans the parallel port to acquire the computer's 

licensing modules in upstream file servers, or report directly hardware ID for insertion into a client data structure, 

to a license server over a public network. Such a system can The license ID maintained in the client data structure is 

be used by software providers as an aftermarkct component 2 j used as a pointer to a location in the cache or database of a 

installed on top of existing software systems. In such a corresponding upstream licensing agent or server. The 

setting, a client module can be responsible for handling pointer designates the location of the licensing record, A 

license validation of more than one client application loaded license record at any given level, can represent a relationship 

on the computer. If two or more client software applications between the agent and an underlying client. That 

on a computer are by a same software provider, the client 30 relationship, as designated by me license ID can be used as 

module can generate a single validity request message a universal designator to replace designating a particular 

covering each wrapped client application. Such a systemhas client/agent pair by application name, feature name. IP 

the effect of providing a generic licensing validation system address, agent name, etc Use of a license ID provides a 

for all of the licensed software on a desktop machine more efficient means with which to track and communicate 

supplied by a particular software provider. 35 information regarding a particular license. 

A exemplary licensing system that can be retrofitted in an The authorization ID is used as a means to indicate the 

existing computer network is depicted in FIG. 6. An indi- status of a license in response to an enablement or validation 

vidual computer 600 has a client module 618 installed inquiry. The authorization ID also can be used as an 

therein. The client module 618 is wrapped around one or acknowledgement to a Check In License procedure that 

more software applications 620. 622. 624 and 626 to create 40 permits a client application to delete a client data structure, 

client applications. In a preferred embodiment, the client Furthermore, the authorization ID also can be used to return 

applications are specific to the software provider who is a status message containing an error code, an indication that 

retrofitting their networked software with the licensing sys- the server or agent is presently too busy to handle a query, 

tern. However, if a license record database is configured as an indication of a connection or communication failure, or 

a "clearing house," whereby a multitude of software pro- 45 any other like message. Another important task facilitated by 

viders consolidate license information in a single server or the authorization ID is its use in supporting encrypted 

a network of license servers, the client module 618 can communication between a client and an agent, 

validate software licenses by a variety of software providers. Communication between clients and agents, in accor- 

The client module 618 can enable, or validate, the client dance with preferred embodiments of the invention, is 

applications by communicating with a licensing module in a 50 encrypted. In an encryption scheme according to an exem- 

file server 602. The licensing module in the file server 602 plary embodiment, the authorization ID is used to pass back 

also is a retrofitted component in the license system. Licens- a key for use in encryption processing. The encryption 

ing modules are installed in each of the computers (e.g„ file scheme involves maintaining identical encryption engines in 

servers, minicomputer, main computers) that form the net- corresponding clients and agents. The key passed by the 

work hierarchy. Operation of such a system is substantially 55 authorization ID is used as a common seed, or initialization 

similar to that of a network embodiment of a license vector, for initializing the respective encryption engines for 

management system described above. Alternatively, client encryption and decryption of messages. A new key is 

modules can communicate directly with a license server 604 generated and passed back each time an agent responds to a 

over a public network, such as the Internet 616. client inquiry, which key is used in a next round of com- 

As mentioned in the Background above, software licens- «o munications. The key is stored in the client module in me 

ing management systems conventionally maintain context of storing the client data structure (containing the 

proprietary, that is application specific, licensing code in authorization ID). In a subsequent clicnt-to-agent coramu- 

sofrware applications (i.e., application portion). Correspond- nication the key is used for cUent encryption of a message, 

ing proprietary licensing code also is maintained in the file The message is then decrypted at the agent using the 

server or like network element (i.e., authenticates portion). 65 common key. 

Consequently, a conventional system typically has to main- In order to allow encryption synchronization, all of the 

tain several separate licensing validation programs on a file data structure fields in an initial communication between a 
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client/ageQt pair are unencrypted. Subsequent communica- 
tions have certain fields encrypted. Id response to an initial 
communication, the agent passes back a first key. The 
message is then re-sent having designated fields of the client 
data structure encrypted. The response passed back by the 
agent in a next communication contains a new key for use 
in a subsequent communication. In this way, the client and 
agent maintain encryption synchronization by supplying the 
same key to their respective encryption engines. In accor- 
dance with a preferred embodiment, the key is a random 
number generated by an agent. 

The encrypted fields of the data structure contents passing 
between a client and agent include the license and authori- 
zation Ids, and any proprietary data required for validation, 
such as floating license information. All of the fields of the 
data structure contents can be encoded, however, the appli- 
cation name, feature name, hardware identifier, and a licens- 
ing system version number are preferably left unen coded. In 
the event that there is lack in synchronization, a client or 
agent can look to the unencoded information and revert back 
to a most recent encryption key. If there is still Lack of 
synchronization, a request is passed that the client return to 
the initial message state, thereby allowing both the client and 
agent encryption engines to reset. 

The frequency of validation checks is application depen- 
dent A software designer can select when and how often 
validation checks are to occur, if at all. The licensing system 
can be configured in accordance with the needs of a par- 
ticular application. The software license can be validated, or 
enabled, each time the application is brought up on a 
computer, or each time a particular feature is used (e.g.. 
printing). The software license also can be validated in 
response to the expiration of a timer (i.e., periodic 
validation). If the response to the validation check is returns 
a null license ID. the client application is disabled To 
prevent a user from tampering with a client application, or 
a licensing module associated therewith, in an effort to 
disable validation checking, any number of watchdog timers 
can be nested in the client application. The nested watchdog 
timer can be used to periodically self-check the client 
application to determine whether it has been validated 
within the watchdog period If so. the watchdog timer is 
reset If not. a validation check can be initiated or the client 
application can be disabled. 

Establishing a database license record in the licensing 
server can be performed in a variety of ways. Software can 
be purchased and paid for in an interactive commercial 
transaction conducted over the Internet, as described above. 
The result of such a transaction is to establish a license 
record in the licensing server database. A subsequent vali- 
dation check by the client application will allow the software 
to be enabled. The database entry also can be formed by 
pre-authorization. If the software is purchased from a 
vendor, the vendor, in the context of the transaction can 
perform the database entry shortly after the software is 
supplied to the user or company. When the software is 
brought up on the client computer, an initial validity check 
will return an enablement response because a license record 
has already been established. Alternatively, software can be 
prc-cnaMed with a temporary term license thereby providing 
a software provider with a time window in which to establish 
a license record. Other techniques for establishing an entry 
in the database, and thus enabling the corresponding client 
application, include using automated telephone operator 
systems. A client can call a telephone number and use a 
touch-tone phone to respond to prompts presented by an 
automated operator. Hence, any mechanism for initializing 
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the database, and consequently automatically enabling the 
software, is deemed suitable. 

Another aspect of systems operating in accordance with 
the invention is feature enablement The systems described 

5 above can be used to enable and disable particular features 
in a client application. Such a situation may occur wherein 
a software application has several levels of operating capa- 
bility. For instance, a user can selectively enhance operating 
capability by selecting features defined in a software feature 

1° application menu. In response, an associated client module 
can invoke the Check Out License procedure wherein the 
desired feature name is passed upstream. The license, of 
course, does not exist yet but the system can be configured 
to direct the user to, or provide the user with, a feature 

1 3 enablement menu that requests that the user enter credit card 
information, as described above. Alternatively, the system 
can be organized to automatically initiate a process that 
creates a license when new software is brought up. This can 
involve a mechanism that forms a Web server connection 

20 and supplies an authorization message that creates a data- 
base license entry. For a commercial client, a software 
provider can monitor the activation and use of client appli- 
cation features and bill the client accordingly. 
As previously discussed, systems in accordance with the 

25 present invention can be used to audit the use and prolif- 
eration of software. Attachment of a licensing module to a 
software application causes that software application to 
report back to a licensing server at some point. If the client 
module or software application is configured to report back 

30 the first time that the software application is brought up. a 
software provider can keep track of, or audit which and how 
many machines the software application is operating on. The 
licensing server can be set to initially enable any request 
received for the software application being audited. At the 

33 discretion of the software provider, the software application 
can be turned off at anytime. The software provider can 
respond to subsequent licensing enablement or validation 
requests by supplying a prompt inviting the user to purchase 
a license. A variation on the audit function can be used to log 

40 questionable user activity. 

An additional security aspect of systems in accordance 
with the invention is the provision of an activities log in the 
client module, licensing modules, or license server. Such a 

45 log gathers information associated with any or all validation 
requests, or irregularities. Information gathered in such a log 
may include, but is not limited to, data/time stamps (to 
ensure periodic checking is not interfered with), and the 
identity of a machine corresponding to the origin of an 

x inquiry request The foregoing information can be used to 
facilitate the investigation of a pirate if the pirate's activities 
require legal attention. 

Software version control can be provided in accordance 
with another aspect of the invention. Software version 

55 number information can be passed upstream in the context 
of a license validity inquiry request message. If the software 
version has expired, a message can be passed back in the 
status field of the authorization ID indicating this informa- 
tion to a user. The user may then be asked to license and 

go procure a new version of the software. Software version 
control can be used to prevent version collision, and to force 
users to stop using expired software versions by simply 
disabling mem. 

Another aspect of the invention is license system version 

65 control. By monitoring and controlling the version of the 
license system that is operating, a common denominator 
between client and agent communications can be main- 
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tained. Alternatively, in the event that different versions are application can generate and send a UDP message when it 

allowed, appropriate translations of data fields can be made is initially brought up. or whenever a computer upon which 

to ensure the different versions can still communicate. In a the client application is loaded is attached to a public 

preferred embodiment, a given client can only communicate network. 

with an agent of the same or newer version. Licensing 5 In a non-coimected or portable con^^ 

system version control also permits moderations to be an exemplary licensing system in 

made to improve, enhance, or Sbdy change an encryption invenUon can involve running an internal kcensm moduU 

f ,K. m «3« h,, thr ii^««ino «v<t^m or an component thereof, on the laptop computer 

schemes used by the licensing system. itself. An exemplary embodiment of such an arrangement is 

The present invention also can be used to maintain a ^ ^ nG ? ^ component 706 of the licens- 

software use billing system for use wim coming client iaf f raodille 702 acts on behalf of a license server 7 12 during 

applications. A billing system in accordance with the inven- ^ ^ ^ ^ We utcr 700 is out com- 

tion can use client application and feature use informant ^^on with the license server 712. The agent compo- 

from the audit system. The audit system information can be ^ ^ can receive ^ nd to Ucense v£jidity 

translated into biWng ^ejitsJ Consequently a cornmcr- ^ a clientmodule 704 on software application 

cial dient can optionally be billed only for what ^they have 705 V is loao^d on the rxirtable 700 while the portable 700 

used, rather than a set up-front, annual, or monthly amount. . $ ^ Qf cUent usccanbc stored in 

Most computers sold today have pre-installed modems. me 7^ Q f mc licensing module 702. When the 

Individual desktop machines operating in a DOS. Windows, portable 700 is re-connected to a network access point, such 

OS/2, or like environment, can utilize their pre-installed. or ^ mternct 715 gateway, the client component 710 of the 

aftermarket modems to initiate communications with an licensing module 702 can establish communication with the 

upstream agent or license server. Most commercial comput- agem module 714 in the license server 712 to refresh the 

ers are designed for incorporation into network settings. information in its cache component 708 and/or supply any 

Commercial computing systems, such as workstations, may au(iit upstrcaitL if the user has not connected the laptop 

operate in a UNIX environment. The UNIX environment is y toa network access point for a prolonged period of time, the 

well suited to operation in accordance with the invention. uscr can ^ prompted accordingly. This can be done pursu- 

Most UNIX workstations are furnished with network cards aQl to ^ expiration of a timer. 

permitting them to be network connected. Such networked Systems not having network, or Internet access, can still 
computers thus have ready direct access to Internet or ^ enabled m an autoniated. albeit semi-manual fashion. The 
gateway nodes through which a Ucense server or licensing ^ j^^g module in a software package to run on a non- 
module can be accessed. networked machine can contain a tag indicating this fact 
The particular connectivity associated with a system The user may be prompted to call a number and receive 
incorporating the invention is not critical. For example, a recorded information for enabling the software. This 
desktop machine can contain an Ethernet network card, information, of course, requires initial manual entry to 
ISDN connection card. Internet card, conventional modem, 33 enable the software, and periodic manual entry to validate 
terminal adapter, or like device, with which to gain access to the software. The validation check can be performed by 
and communicate with a license server or licensing module. prompting a user to call a number to automatically receive 
Any accepted form of connection between two more com- further enablement instructions. Such instructions are only 
puters can be used. A communications protocol in an Inter- provided if the license remains valid. Optionally, instruc- 
net environment is based on a TCP/TP protocol, or a deriva- ^ (j ons can be automatically be returned by fax in response to 
tive thereof. However use of other communication protocols a validation request phone call. 

such as IPX/SPX (NOVEL), or like protocols, also are A licensing module can be operated as a proxy agent on 

suitable for facilitation of communication in the present fl ^j. cwa ^ separating a protected computer from a public 

invention. network to which the computer is attached. Such a firewall 

When using the Internet a the medium through which to 45 proxy agent can operate in accordance with the system 

check license validity, preferred einbodiments of systems disclosed in the U.S. Pat. application No. (BDSM Attorney 

according to the invention operate using a TCP (Transfer Docket No. 025553-013). entitled: "Firewall System For 

Control Protocol) mechanism rather than a UDP (Universal Protecting Network Elements Connected To A Public 

Datagram Protocol) mechanism. In a TCP communication, a Network," by Coley and Wesinger, filed on Feb. 6, 1996. and 

connection is first formed before any information is trans- 50 incorporated herein by reference in its entirety. The forego- 

f erred That is, an interactive two-way session is established. i Dg application describes a system for preventing unautho- 

In a UDP communication, a message is sent without forming rized access to network elements protected by a firewalL The 

a connection. The message is routed in accordance with its firewall operates by maintaining a plurality of proxy agents 

destination address information. The message's receipt is that are assigned to verify and connect any incoming access 

not guaranteed. More importantly, response time to a mes- 55 requests. A proxy agent is usually assigned based on the port 

sages sent by UDP is unknown. More specifically, if heavy number associated with an incoming access request In the 

network traffic is present a UDP-based message may be present case, however, a proxy agent for validating a license 

delayed. Consequently, there can be an unacceptable delay i s assigned for a request originating from a desktop machine 

in enabling a client application. Using a TCP messaging that resides behind the firewall (i.e.. is protected by the 

format guarantees a response, even if that response indicates w firewall). Hence, the proxy agent acts as licensing module 

that a connection cannot be made. A decision can be made performing all of the previously described tasks associated 

whether to re-attempt communication immediately or at a vvith licensing modules. For example, a proxy agent liccns- 

later time. A TCP connection also is more secure because i D g module can receive and forward a license validity 

data is not being cast into the network without guarantee of inquiry request message from a client application residing 

receipt, as is the case with UDP communications. « 0 n a protected computer. The proxy agent also acts on behalf 

One scenario where UDP communication can be utilized of the responding agent to accept a inquiry response mes- 

is in an audit system incorporating the invention. A client sage and then pass thc response back to the protected 
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computer on behalf of the responding agent. The proxy 
agent also can facilitate periodic updates of a cache com- 
ponent maintained therein. The proxy agent is the only IP 
address visible outside of the firewall The foregoing system 
protects the identity of the client application computer 5 
because the proxy agent acts on behalf of the computer when 
communicating with the outside world. 

In an exemplary commercial embodiment, the present 
invention can take the form of a software package comprised 
of floppy disks, a CD-ROM. or even a downloadable pack- 10 
age. The software package may consist of a library of object 
modules that can be selected, as needed, by a software 
applications designer. The designer may select various 
object modules from the library for insertion into a pre- 
compiled version of a software application. The entire jj 
software application, including the selected object modules, 
are compiled to create a single executable client application. 
The selection of insertion points and frequency is left to the 
discretion of the designer. Validation check watchdog timers 
can be distributed throughout a software application. Vali- ^ 
dation checks can be inserted to correspond to various 
interrupts, or procedure calls within the software application 
(e.g.. printing, saving). An opening routine in the software 
application can be selected for insertion of an initial license 
validation or enablement check. 25 

Because the present invention involves the operation of 
computing systems, an exemplary embodiment of the inven- 
tion can take the form of a medium for controlling such 
computing systems. Hence, the invention can be embodied 
in the form of an article of manufacture as a machine 30 
readable medium such as floppy disk, computer tape, hard 
drive disk, CD ROM, RAM. or any other suitable memory 
medium. The invention can also be embodied in a form that 
can be accessed and retrieved over a public network, such as 
the Internet, and downloaded onto a machine readable 35 
memory medium. Embodied as such, the memory medium 
contains computer readable program code which causes one 
or more computing systems upon which the licensing system 
is running to function or carry out processes in accordance 
with the present invention. 40 

The invention has been described with respect to several 
exemplary embodiments. However, one skilled in the art 
will readily appreciate and recognize that the licensing 
system or method of operation in accordance with the 
invention can be applied in any computing system using 45 
licensed software, which systems are preferably attachable 
to a public network, such as the Internet. The invention 
provides the benefit of being able to freely distribute 
licensed software incorporating the invention with reduced 
apprehension of the software being illicitly copied or used 30 
without its being properly licensed. Alternatively, a system 
in accordance with the invention can be used to track and 
maintain records of the proliferation and use of software 
incorporating the invention. 

The invention has been described with reference to par- 55 
ticuiar embodiments. However, it will be readily apparent to 
those skilled in the art that it is possible to embody the 
invention in specific forms other than those of the embodi- 
ments described above. Embodiment of the invention in 
ways not specifically described may be done without depart- 60 
ing from the spirit of the invention. Therefore, the preferred 
embodiments described herein are merely illustrative and 
should not be considered restrictive in any way. The scope 
of the invention is given by the appended claims, rather than 
by the preceding description, and all variations and equiva- 65 
lents which fall within the range of the claims are intended 
to be embraced therein. 



What is claimed is: 

1. A network software licensing system having self- 
enabling software, the network licensing system comprising: 

a plurality of computers arranged in a hierarchy, the 
plurality of computers including client computers, 
server computers and agent computers, wherein the 
server computers are located at the highest level in the 
hierarchy and the client and the agent computers are 
located at levels in the hierarchy below the highest 
level; 

at least one client computer having a client application 
loaded thereon, wherein the client application com- 
prises a software application and a client module; 

an agent computer from which at least one client com- 
puter is subtended, the agent computer having a licens- 
ing module running thereon, wherein the licensing 
module includes: 

an agent component for communicating with the client 
module; 

cache component for storing license records, and 
a client component for communicating with an agent 
component; 

a server computer having a license server running 
thereon, wherein the license server includes: 
an agent module for communicating with the client 

component in the licensing module; and 
a database for storing license records; wherein 
the client component in the licensing module sys- 
tematically initiates communication with the agent 
module in the license server over a public network 
to collect license records for storage in the cache 
component; and wherein the client module auto- 
matically initiates communication with the agent 
component in the licensing module at a level in the 
hierarchy above the client module and not me 
agent component in the license server to determine 
whether the cache component in the licensing 
module contains a license record corresponding to 
the software application. 

2. The network software system claimed in claim 1, 
wherein a plurality of agent computers which comprise the 
network are connected between the client computers and the 
license server, any given license module being capable of 
communicating with any other license module and being 
capable of communicating with any given client module. 

3. The network software system claimed in claim 1. 
wherein license records are organized according to class and 
sub-class designations. 

4. The network software system claimed in claim 2. 
wherein an uppermost agent computer records communica- 
tions from subtended agent and client computers for auditing 
client application use. 

5. The network software system claimed in claim 4, 
wherein the upper-roost agent computer communicates cli- 
ent application use data to the server computer. 

6. The network software system claimed in claim 4, 
wherein the upper-most agent computer includes an audit 
tool for generating audit reports. 

7. A hierarchical license system having a plurality of 
computers connected by a computer network, the plurality 
of computers arranged in a hierarchy from a lowest level to 
highest level and having computer software that is enabled 
with a license, the system comprising: 

license server on a computer at the highest level in the 
hierarchcial license system, the license server having a 
database of licensing information for enabling com- 
puter software on the plurality of computers in the 
hierarchcial license system; 
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plurality of licensing modules on computers at levels in 
the hierarchy below the highest level in the hierarchy, 
the plurality of licensing modules including: 
client component for communicating with agent com- 
ponents in licensing modules in a next level L+l in 5 
the hierarchy, 
agent component for communicating with client com- 
ponents in licensing modules in a previous level L-l 
in the hierarchy, and 
cache component for storing license information for 10 
computer software on computers in a previous level 
L-l in the hierarchy, wherein the cache component 
is updated periodically with license information 
from agent components in a next level L+l in the 
hierarchy. 13 
wherein a client component in a licensing module at a 
level L in the hierarchy requests a license for 
enabling software from an agent component in a 
licensing module at a level L+l in the hierarchy and 
not directly from the license server at the highest 20 
level in the hierarchy. 

8. A licensing management system as claimed in claim 7 
wherein the plurality of licensing modules comprises: 

a library of code modules suitable for inserting into a 
precompiled version of the computer software, the 25 
library of code modules including a plurality of client 
modules. 

9. The licensing management system claimed in claim 8, 
wherein the library of code modules further includes: 

an interact validation generator that initiates a license 30 
validity inquiry when a piece of the computer software 
into which the interrupt validation generator is inserted 
is executed. 

10. The management licensing system claimed in claim 8, 
wherein the library of code modules further includes: 33 

watchdog timer that initiates a license validity inquiry 
upon expiration. 

11. The licensing management system claimed in claim 7 
wherein a computer at the lowest level is a portable com- ^ 
puter that includes: 

a client application comprising a licensed software appli- 
cation and a portable client module; and 

a portable licensing module comprising a portable agent 
component for communication with the portable client 45 
module, a portable cache component for storing license 
records, and a portable client component for commu- 
nication with the hierarchical license server; 

wherein the portable licensing module manages the por- 
table client module to control the client application so 
pursuant to license records maintained in the portable 
cache component when the portable computer is not 
connected to the public network* and wherein 

the license module receives license record updates to its 
portable cache component from, and transmits client 55 
application use records to. the hierarchial license server 
when the portable computer is connected to the public 
network. 

12. In a computer system having a plurality of computers 
connected by a computer network, the plurality of comput- 60 
ers arranged in a hierarchy from a lowest level to highest 
level and having computer software that is enabled with a 
license, a method of enabling the computer software with a 
license, the method comprising the following steps: 

(a) maintaining a license server on a computer at the 65 
highest level in the hierarchical license system, the 
license server having a database of licensing informa- 



26 

tion for enabling computer software on the plurality of 
computers in the hierarchy; 

(b) requesting a license in a licensing module at a level L 
in the hierarchy from a licensing module on a computer 
at level L+l in the hierarchy to enable computer 
software on a computer at a level L in the hierarchy, the 
licensing modules having: 

client component for communicating with agent com- 
ponents in licensing modules in a next level L+l in 
the hierarchy. 

agent component for communicating with client com- 
ponents in licensing modules in a previous level L-l 
in the hierarchy, and 

cache component for storing license information for 
computer software on computers in a previous level 
L-l in the hierarchy, wherein the cache component 
is updated periodically with license information 
from agent components in a next level L+l in the 
hierarchy; 

(c) determining from the licensing module at the level 
L+l if the requested license is in a cache component for 
the licensing module, and if not, 

(d) sending the request for the license to a licensing 
module at a next higher level in the hierarchy; 

(e) repeating step (d) until the requested license is located 
in a cache component in a licensing module at a next 
highest level in the hierarchy, or the highest level in the 
hierarchy is reached, wherein the requested license is 
located on the license server. 

13. A computer readable medium having stored therein 
instructions for causing a computer to execute the method of 
claim 1Z 

14. The method of claim 12 further comprising: 
sending the located license back down the hierarchy to the 

licensing module which requested the license; and 
updating cache components with license information in 
licensing modules in selected levels in the hierarchy 
between the level in the hierarchy at which the license 
was located and the level in the hierarchy at which the 
license was requested. 

15. The method of claim 12 further comprising: 
sending the located license back down the hierarchy to the 

licensing module which requested the license; and 
updating cache components with license information in 
licensing modules only in a level L+l in the hierarchy 
above the level L in the hierarchy from which the 
license was requested 

16. The method of claim 12 wherein the license server 
periodically sends license information to licensing modules 
at highest levels in the hierarchy below the license server, 
and the licensing modules at the highest levels in the 
hierarchy propagate the license information to licensing 
modules at lower levels in the hierarchy. 

17. The method of claim 12 wherein a licensing module 
at a level L can only make a license request to a licensing 
module at a level L+l and not directly to the license server. 

18. The method of claim 12 wherein any client component 
in any licensing module can communicate with any agent 
component in any licensing module in the hierarchy, and 
visa- versa. 

19. The method of claim 12 wherein the requesting step 
includes requesting the license from a client component in 
the liccosing module at the level L in the hierarchy, and 
sending the request to an agent component in a licensing 
module at the level L+l in the hierarchy. 

20. The method of claim 12 wherein cache components 
for licensing modules at the lowest level in the hierarchy do 
not contain any license information. 
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21. The method of claim 12 wherein the license server 
organizes license information into class and sub-class des- 
ignations wherein the class designations includes license 
information for a plurality of computers at higher levels in 
the hierarchy, and sub-class designations includes license s 
information for a plurality of computers below the higher 
levels in the hierarchy, thereby providing efficient commu- 
nications of license information between the license server, 
and licensing modules at all levels in the hierarchy. 

22. A hierarchical computer software licensing apparatus. 10 
the apparatus comprising: 

maintaining means for maintaining a license server on a 
computer at a highest level in a hierarchical license 
system, the license server having a database of licens- 
ing information for enabling computer software on a 15 
plurality of computers in the hierarchy; 

requesting means for requesting a license from a com- 
puter at a level L in the hierarchy to enable computer 
software on the computer from a licensing module on 
a computer at level L+l in the hierarchy, the licensing 
modules having: 

client component for communicating with agent com- 
ponents in licensing modules in a next level L+l in 
the hierarchy. 

agent component for communicating with client com- 
ponents in licensing modules in a previous level L-l 
in the hierarchy, and 

cache component for storing license information for 
computer software on computers in a previous level 
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L-l in the hierarchy, wherein the cache component 
is updated periodically with license information 
from agent components in a next level L+l in the 
hierarchy; 

determining means for determining from the Licensing 
module at the level L+l if the requested license is in 
a cache component for the licensing module, and if 
not. 

sending means for sending the request for the license to 
a licensing module at a next higher level in the 
hierarchy; 

locating means for locating requested the license in a 
cache component in a licensing module at a next 
highest level in the hierarchy, or at the highest level 
in the hierarchy, wherein the requested license is 
located on the license server. 

23. The system of claim 1 wherein the public network is 
the Internet 

24. The system of claim 1 wherein the communication 
between the client computers and the agent computers are 
encrypted. 

25. The system of claim 1 wherein the client computers 
and agent computers use a shared key to initialize encryption 
engines contained on the client and agent computers, 
wherein the encryption engines operate using the shared key. 
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